read cert chain and private key

This commit is contained in:
Christian Ulrich 2020-11-02 23:52:26 +01:00
parent fbebb0f566
commit bff7556147
No known key found for this signature in database
GPG Key ID: 8241BE099775A097
1 changed files with 25 additions and 4 deletions

View File

@ -1,9 +1,19 @@
{.passL: "-l quicly -l picotls-core -l picotls-openssl -l crypto".} {.passL: "-l crypto -l quicly -l picotls-core -l picotls-openssl".}
import quicly/quicly import quicly/quicly
import quicly/defaults import quicly/defaults
import picotls/picotls import picotls/picotls
import picotls/openssl import picotls/openssl as ptls_openssl
from openssl import DLLSSLName, EVP_PKEY, EVP_PKEY_free
const certChainPath = "./certs/server-certchain.pem"
const keyPath = "./certs/server-cert.key"
proc PEM_read_PrivateKey(fp: File, x: ptr EVP_PKEY,
cb: proc(buf: cstring, size: cint, rwflag: cint, u: pointer): cint {.cdecl.},
u: pointer): EVP_PKEY
{.cdecl, dynlib: DLLSSLName, importc.}
proc onStreamOpen(self: ptr quicly_stream_open_t, stream: ptr quicly_stream_t): proc onStreamOpen(self: ptr quicly_stream_open_t, stream: ptr quicly_stream_t):
cint {.cdecl.} = cint {.cdecl.} =
@ -13,7 +23,6 @@ proc main() =
# callbacks # callbacks
var streamOpen = quicly_stream_open_t(cb: onStreamOpen) var streamOpen = quicly_stream_open_t(cb: onStreamOpen)
var signCertificates: ptls_openssl_sign_certificate_t
var tlsCtx = ptls_context_t(randomBytes: ptlsOpensslRandomBytes, var tlsCtx = ptls_context_t(randomBytes: ptlsOpensslRandomBytes,
getTime: addr ptlsGetTime, getTime: addr ptlsGetTime,
keyExchanges: ptlsOpensslKeyExchanges, keyExchanges: ptlsOpensslKeyExchanges,
@ -22,7 +31,19 @@ proc main() =
var ctx = quiclySpecContext var ctx = quiclySpecContext
ctx.tls = addr tlsCtx ctx.tls = addr tlsCtx
ctx.stream_open = addr streamOpen ctx.stream_open = addr streamOpen
# TODO: ptls_load_certificates if ptlsLoadCertificates(addr tlsCtx, certChainPath.cstring) != 0:
echo "cannot load certificate chain ", certChainPath
quit(1)
let pKeyFile = open(keyPath)
let privateKey = PEM_read_PrivateKey(pkeyFile, nil, nil, nil)
pkeyFile.close()
if privateKey == nil:
echo "cannot load private key ", keyPath
quit(2)
var signCertificate: ptls_openssl_sign_certificate_t
discard ptls_openssl_init_sign_certificate(addr signCertificate, privateKey)
EVP_PKEY_free(privateKey)
tlsCtx.signCertificate = addr signCertificate.super
echo "hello world" echo "hello world"
when isMainModule: when isMainModule: